Q: How do I properly configure an Apple Time Capsule for use on MITNet?

IS&T provides only limited support for Apple Time Capsules.At the current time, IS&T is only able to provide limited support in setting up and using Time Capsules on the MIT network. This article is provided as a best effort for support. Our offically supported method of backup is with Tivoli Storage Manager. IS&T's officially supported software for backups can be found on their Backup page.

The Time Capsule can be configured in many ways. Its 2 main features are a drive for backup and a wireless router. It also has a print server.

We want to make sure users are not using it as a wireless access point (Wireless broadcasting is not allowed at MIT).

We want to make sure users are not using it as a router (nothing is plugged in to the 3 ports with arrows over them). The use of routers is strictly forbidden on MITnet.

It could be used as a wireless client to the wireless network, however wired is more reliable.

We want to make sure that it is secure.

The best way to connect a Time Capsule to MITnet is through a wired Ethernet connection.

Links

Independent from Network

You could use a Time Capsule independently from MITnet if you just wanted to use it for backup. The downside is that you will have to disconnect from the internet and connect to the Time Capsule to backup, making your computer unable to access the internet or the MIT network during this time. Setting up the Time Capsule as an independent wireless network is strictly forbidden, as wireless broadcasting is not allowed at MIT due to the potential for interference and the disruption of MIT sanctioned wifi networks. In addition, if you set it up as a separate wireless network, your computer may also switch back and forth between MIT's network and the Time Capsule's network automatically, leading to confusion. In sum, this is a bad idea. However, users who do not know how to set up the device may find themselves in this mode.

As an access point

DO NOT USE the Time Capsule as an access point to the MIT network. This is against the MITnet Acceptable Use policy because it adds to network congestion, and makes you responsible for anything that happens when anyone uses your network. This is the default configuration, which Apple recommends. However, this configuration is designed for small home networks and it is not for use in enterprise networks, such as the network here at MIT.

As a client on the MIT wired network

Register the device for use on the network

Help staff can use this link to look up the MAC to see if it is registered.

Create a hostname and static IP

We are not very interested in a hostname for the Time Caosule at the current time (perhaps for features beyond time machine compatibility), but we want a static IP address. For students in the dorms, please fill out a static IP request through the RCC home page. Users in other campus locations should request a static IP address and hostname using the Request 1-4 IP Address form.

Helpdesk consultants can see this article for information on how to [hd:RCC - Create hostname with static ip address].

Initial Device Configurations

Use Apple's Airport Utility Version 5.3 or later to configure the Time Capsule using "Manual Setup mode."

The Time Capsule will now only be configurable from the same wired subnet.Due to the topology of MITnet, once these settings are applied, the Time Capsule will only be configurable in Airport Utility if your computer is connected to MITnet with an Ethernet cable. Plug your computer into the wall jack with an Ethernet cable before continuing setup.

Turn off wireless

Make sure static IP settings are applied!Make sure the static IP settings have been applied and you are connecting to it over Ethernet. If you are connecting via radio and you turn it off, you will not be able to connect to the Time Capsule after restart! If you do this you will have to do a hard reset. No data will be deleted and you keep previous settings, fix them, and then reapply.

Go to Airport > Wireless and turn it off.

Set up network share

(if you want to store data on only it, or backup from Windows clients)

Select the Disks category

Select the Disks tab.

Choose a name

Select the File Sharing tab

Enable file sharing: (checked)

Secure Shared Disks: With Disk Password, then set the password

Airport Disks Guest Access: not allowed

Share disks over Internet using Bonjour: (NOT checked)

Configure client access to Time Capsule

Time Machine

Open Time Capsule.

Go to Select Disk and select the Time Capsule.

Wait until the backup actually starts comparing files to confirm.

Network Share

(if set up, above)

Open Finder and select Go > Connect to Server

Enter afp://IP ADDRESS and add it to your favorites

Click Connect and then enter name and password as you defined

Click Connect

The disk is now accessible as a typical networked share!

Need SMB instructions for Win clients

Security.

(needs confirmation: can you encrypt it, doesn't it firewall to the subnet, are packets sent to it encrypted? -MP)

Please remember that the time capsule is accessible on MITnet, so care should be taken to choose VERY good passwords for use. If you have sensitive data contained in your backups, an MITnet Time Capsule might not be the best idea; users in this case may be better off keeping it off MITnet and plugging in through a wired connection only when necessary for backup.

Also, REMEMBER that files on the Time Capsule are not encrypted. If you'd like, you can employ encryption on your hard-drive but that is beyond the scope of this tutorial. Please consult the Knowledge Base or the IS&T Helpdesk for help on encrypting your drive.

Finally, although the disk has user access control, the actual packet data you're sending over the network when you access the disk may NOT be encrypted and for the resourceful, could be intercepted and potentially read.